diff --git a/public_html/classes/paymentmethod.php b/public_html/classes/paymentmethod.php
index 1f995cd..02cd21d 100644
--- a/public_html/classes/paymentmethod.php
+++ b/public_html/classes/paymentmethod.php
@@ -95,7 +95,7 @@ class PaymentMethod extends CPHPDatabaseRecordClass
switch($type)
{
case PaymentMethod::PAYPAL:
- return filter_var($address, FILTER_VALIDATE_EMAIL);
+ return filter_var($address, FILTER_VALIDATE_EMAIL) || preg_match("/^[A-Z0-9]{13}$/", $address);
case PaymentMethod::BITCOIN:
return (preg_match("/^[a-zA-Z1-9]{27,35}$/", $address) == true);
default:
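Review bot: The new hosted-button pattern on the PAYPAL return line is anchored with `$`, which in PCRE also matches just before a trailing newline, so a 13-character ID followed by `\n` passes validation. Anchor it with `\z` (or add the `D` modifier): `preg_match('/^[A-Z0-9]{13}\z/', $address)`. The same line also changes the return value from filter_var's string-or-false to a plain boolean, so any caller outside this hunk that used the returned address string would now receive `true`; that is worth checking. The switch and its enclosing method continue outside the hunk.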
diff --git a/public_html/modules/donate.php b/public_html/modules/donate.php
index 79038dc..15f1a63 100644
--- a/public_html/modules/donate.php
+++ b/public_html/modules/donate.php
@@ -82,7 +82,19 @@ if(!empty($_POST['submit']))
$sQuotedName = urlencode("{$sCampaign->sName} (via ReDonate.net)");
$sQuotedNumber = urlencode("0");
$sQuotedReturnUrl = urlencode("http://redonate.net/thanks/{$sCampaign->sUrlName}");
- redirect("https://www.paypal.com/cgi-bin/webscr?business={$sQuotedRecipient}&cmd=_donations&item_name={$sQuotedName}&item_number={$sQuotedNumber}¤cy_code={$sCurrency}&amount={$sAmount}&return={$sQuotedReturnUrl}");
+
+ if(filter_var($sPaymentMethod->sAddress, FILTER_VALIDATE_EMAIL))
+ {
+ $target = "https://www.paypal.com/cgi-bin/webscr?business={$sQuotedRecipient}&cmd=_donations&item_name={$sQuotedName}&item_number={$sQuotedNumber}¤cy_code={$sCurrency}&amount={$sAmount}&return={$sQuotedReturnUrl}";
+ }
+ else
+ {
+ /* This is most likely a hosted button ID. We can only provide limited information in this case - we can really only set the item description.
+ * Not sure if setting the return URL will work, but we might as well try. */
+ $target = "https://www.paypal.com/cgi-bin/webscr?hosted_button_id={$sQuotedRecipient}&cmd=_s-xclick&item_name={$sQuotedName}&return={$sQuotedReturnUrl}";
+ }
+
+ redirect($target);
return;
case PaymentMethod::BITCOIN:
if($sPaymentRequest->sCurrency != "btc")
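Review bot: The added `else` branch treats every address that is not an e-mail as a hosted button ID without checking that it has that shape, so a stored value that bypassed or predates the validator in paymentmethod.php (not visible here) is passed to PayPal as `hosted_button_id`. Make the second case explicit, `elseif(preg_match('/^[A-Z0-9]{13}\z/', $sPaymentMethod->sAddress))`, and let a final `else` report an error instead of redirecting. The same catch-all `else` appears in the public_html/modules/payment/paypal.php hunk, and since both files now build the two URLs with identical code, a shared helper would keep them from drifting apart. The enclosing switch case starts and ends outside this hunk.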
diff --git a/public_html/modules/payment/paypal.php b/public_html/modules/payment/paypal.php
index 1641a88..ed894ea 100644
--- a/public_html/modules/payment/paypal.php
+++ b/public_html/modules/payment/paypal.php
@@ -37,4 +37,16 @@ $sQuotedRecipient = urlencode($sPaymentMethod->sAddress);
$sQuotedName = urlencode("{$sPaymentRequest->sCampaign->sName} (via ReDonate.net)");
$sQuotedNumber = urlencode("{$sPaymentRequest->sId}");
$sQuotedReturnUrl = urlencode("http://redonate.net/pay/{$sPaymentRequest->sSubscription->sEmailAddress}/{$sPaymentRequest->sId}/{$sPaymentRequest->sKey}/paypal/done");
-redirect("https://www.paypal.com/cgi-bin/webscr?business={$sQuotedRecipient}&cmd=_donations&item_name={$sQuotedName}&item_number={$sQuotedNumber}¤cy_code={$sCurrency}&amount={$sAmount}&return={$sQuotedReturnUrl}");
+
+if(filter_var($sPaymentMethod->sAddress, FILTER_VALIDATE_EMAIL))
+{
+ $target = "https://www.paypal.com/cgi-bin/webscr?business={$sQuotedRecipient}&cmd=_donations&item_name={$sQuotedName}&item_number={$sQuotedNumber}¤cy_code={$sCurrency}&amount={$sAmount}&return={$sQuotedReturnUrl}";
+}
+else
+{
+ /* This is most likely a hosted button ID. We can only provide limited information in this case - we can really only set the item description.
+ * Not sure if setting the return URL will work, but we might as well try. */
+ $target = "https://www.paypal.com/cgi-bin/webscr?hosted_button_id={$sQuotedRecipient}&cmd=_s-xclick&item_name={$sQuotedName}&return={$sQuotedReturnUrl}";
+}
+
+redirect($target);
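Review bot: The hosted-button URL in the `else` branch sends no `item_number`, `amount` or `currency_code`, so nothing PayPal receives ties the payment to `$sPaymentRequest->sId` or to the requested amount, while the return URL still carries the request id and key. If the `/paypal/done` handler (not visible here) treats the donor's return as confirmation, a hosted-button payment of any amount would appear to settle the request; that handler should be checked against this path. At minimum the comment should record the limitation, e.g. `/* amount, currency and item_number are not sent for hosted buttons, so this payment cannot be matched to the request from PayPal's side. */`.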